CVE-2026-7728

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ryanjoachim mcp-rtfm version 0.1.0

Description A path traversal issue exists in the MCP Interface component. A remote attacker can manipulate the docFile argument within the get doc content(), read doc(), and update doc() functions to access or modify files outside the intended directory.

Recommendations Apply patch e6f0686fc36012f78236e7fed172c81444904b0b to version 0.1.0.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-7728

Affected Products

Mcp-Rtfm

CVE-2026-7728

Weakness Enumeration

Related Identifiers

Affected Products

References · 9